Spammer Bounce Backs

Here is a problem I'm hoping we can get resolved. I get roughly 500 bounce-backs each day from other companies that have received spam e-mail from people forging my domain in either the "From:" or "Return-Path:" header fields.

I don't want to report the companies that are bouncing them back to me, because they are just as much a victim as I am here. But, I do want to report the original spammers, because it is obvious that the receiving system(s) are not reporting them.

The bounce-backs (95% of the time) include all of the original header information from the spammers. However, when I copy just that information, I get an error from SpamCop stating:

Supposed receiving system not associated with any of your mailhosts

Your system will also report:

No unique hostname found for source: 82.122.203.44

But when I look it up in the RIPE whois, I find a hostname.

I guess the main problem here is that I cannot report it because the receiving system is not associated with any of my mailhosts.

Is there a way that this can be resolved? I really should be able to report any spam associated with my domain regardless of whether I'm receiving it, or it is being sent in my name.

Thanks

RW

Your calling those other ISPs "victims" might have been somewhat acceptable even a year ago. Today, not true. If you want to handle it, try contacting these folks and point them to the various FAQs here and elsewhere on the net about the problems today with (pick your word here, check the Glossary) blowback, misaddressed bounces, etc., etc., etc. The specific issue is whether it's cluelessness, ancient software, or just bad configuration ... take a look at some Topics opened up just today in the Blocking List Forum from "one of those ISPs" ....

Yes, you will run into problems reporting someone else's spam (which is the way the parser sees it after your MailHost configuration)

the no-host issue is offered with no context .. Tracking URL is needed if you want to talk to this issue ..

I really should be able to report any spam associated with my domain regardless of whether I'm receiving it, or it is being sent in my name.

Actually, per the rules you agreed to obey for using the reporting site, you are NOT allowed to report the spams within other messages:

spam within other messages

If you receive a message (perhaps a bounce) which contains spam, you should not report the spam contained within the message, even if it includes what appear to be the full original headers. This is someone else's spam, not yours. It is expected that you can verify that the headers of reported mail are accurate, something you can't do for mail received on a network you are not familiar with.

The bounce messages, as long as you did not send the original, are reportable, as most admins should know by now that sending any message to the possible forged From in a message is not a good thing.

Perhaps you should brush up on the current rules for reporting in the FAQ (a link can also be found in the Forum FAQ at the top of this page):

Ok then, I guess I'll spend the time and track down the admins of the systems that are bouncing the mails back to me. I can understand not reporting SPAMS inside of SPAMS, but when someone is forging my domain, I should be able to do something about that. I understand though, not your problem.

As for this:

as most admins should know by now that sending any message to the possible forged From in a message is not a good thing.

Auto-responders have no clue what a forged "From" field looks like, all they know is that this is the person that sent the message. The person that can write a program that will tell a computer what a forged "From" field looks like, should win the Nobel Peace Prize.

I have turned my auto-responders off completely, because all they ever do is clog my queue up. But there have got to be thousands, if not 10s of thousands, of IT managers, administrators, whatever you want to call them, that don't. Sure, they should be a little more knowledgeable about their system, but that doesn't mean they should be reported as spammers.

On the other hand, if I were to just report them, then they would almost be forced to fix their system. That is, IF they care.

Anyways,

Thanks for the help

RW

You're getting to the argument of SMTP rejection at the time of processing vice the "accept then eventually get around to bouncing" problem. This is the subject of much debate in many venues, folks pointing to the RFCs, others pointing out the 'vintage' of the RFCs being pointed at, the efforts on-going in developing 'new' RFCs to cover "today's" internet / spammer infestation ... and of course, not to forget that the spammers are still coming up with new ways to screw over the 'developed in a world of trust' Internet ....

Auto-responders have no clue what a forged "From" field looks like, all they know is that this is the person that sent the message. The person that can write a program that will tell a computer what a forged "From" field looks like, should win the Nobel Peace Prize.

I have turned my auto-responders off completely, because all they ever do is clog my queue up. But there have got to be thousands, if not 10s of thousands, of IT managers, administrators, whatever you want to call them, that don't. Sure, they should be a little more knowledgeable about their system, but that doesn't mean they should be reported as spammers.

But the admins that allow the auto-responders to run know (or should know) that the majority of email messages now (since spam is making up better than 80% of the messages out there by some accounts, including my own numbers) have forged headers. Some people learn this the way you did with the queues filling up with dead messages. Others because of all the bounces they receive.

I believe it is currently a much smaller percentage of sites that allow these types of messages to leave their servers than you seem to indicate. I get very few auto-responders any longer and my users report probably less than 1 per week now (though that is partially educating them what is happening).

Steven, I guess there is only one thing left to do then.....EDUCATE....If I had known about SBLs and RBLs a long time ago, I could have done something about it then. I stumbled upon it one day in my quest to stop the spam from hitting my office. Imagine all the people out there that still have no idea.

Can I (legally) send a SpamCop link to the people I'm getting bounced messages back from, or would that too be considered spam?

Steven, I guess there is only one thing left to do then.....EDUCATE....If I had known about SBLs and RBLs a long time ago, I could have done something about it then. I stumbled upon it one day in my quest to stop the spam from hitting my office. Imagine all the people out there that still have no idea.

Can I (legally) send a SpamCop link to the people I'm getting bounced messages back from, or would that too be considered spam?

If you 'manually' make a report to them, you certainly could phrase your report to include 'education' and include spamcop as where you learned your knowledge or as a reference.

knol's post moved/merged into this Topic/Discussion ... PM sent to advise.

Future recommendation - please use a more descriptive Subject line. It is assumed that there is a "Problem" that drove one to start a new Topic in one of the Help Forums. And of course, there is much talk about the use of a Tracking URL instead of cluttering up these Forum posts with generally unusable (and almost always unwanted complete) spam postings. See the Glossary, linked to from the SpamCop FAQ, linked to at the top of every page, a Pinned entry in each forum section for data on the use of and obtaining a Tracking URL.

English is not my natural language and I find these forums and website very difficult. I understand there is actually nothing anyone can do to stop this? The IP addresses are forged and there is no way to obtain the offender, is that what I can expect?

I do understand the copied mail was too long for the forum.

If I ever need to ask something again, I will try to only post mail headers or something.

It's just, I'm getting very annoyed by all those emails and was hoping for some kind of reasonably easy way to get rid of all this. This evening, in just over 3 hours, almost 300 email bounce messages. Please understand my website provider also charges for email traffic.

By the way, thnx for the pm.

Not 100% I'm following your setup .. so let's start with something 'easy' ... is xuanu actually a user / account? If not, then the general advice is to turn off the catch-all mode (accept all incoming e-mail) at that server. Limit actions to real / actual e-mail accounts on that system, reject the rest.

But the problem still exists after I turn off this option of course. All those people will get these emails from "my" server. I hope there will be some sort of action against those type of...

...You could use SpamCop's spam reporting capability to report them to the appropriate abuse desks. You could also manually send a complaint to legal authorities, such as your local, regional or national authorities as well as the legal authorities in the country of the owner of the source of the spam (if you can find any such authority that might be interested in pursuing the criminal spammers).

I'm having the same issue. Over the last few days, I have been receiving 100's of bounce back messages that say my email could not be delivered. When I look at the message, I see that it is spam that was sent with my email address in the header.

If I were to go through every header and try to contact the organization that sent the bounce back so that I could notify them and encourage them to change their settings to avoid sending me bounce backs, this task would take more time than I have.

What options do I have now? My hosting company told me to get a new email address. Ha. Funny. I've been using this address for almost 10 years. It's on my business cards, web sites, etc. Changing an email address sounds like a ridiculous solution.

So, what else can I do? Even deleting the 100's of messages every day is becoming a tedious task.

Thanks,

If I were to go through every header and try to contact the organization that sent the bounce back so that I could notify them and encourage them to change their settings to avoid sending me bounce backs, this task would take more time than I have.

What options do I have now? My hosting company told me to get a new email address. Ha. Funny. I've been using this address for almost 10 years. It's on my business cards, web sites, etc. Changing an email address sounds like a ridiculous solution.

So, what else can I do? Even deleting the 100's of messages every day is becoming a tedious task.

One can only surmise that you do not yet have a SpamCop.net Reporting Account. These are described in various FAQ entries as Misdirected Bounces and as such are reportable via the SpamCop.net Parsing & Reporting System.

First and easiest suggestion other than riding out the storm .... sign up for a free Reporting Account at www.spamcop.net.

First and easiest suggestion other than riding out the storm .... sign up for a free Reporting Account at www.spamcop.net.

Wazoo's advice is always useful... But bear in mind that reporting misdirected bounces will not, itself, stop the problem you are experiencing. You also need to implement a spam blocking/filtering/rejection mechanism at your mail server or on your local machine.
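
An added example, not part of the original thread: one way to do the local filtering suggested above is to open each bounce and check whether the message returned inside it was ever handed over by your own outbound servers. The `192.0.2.0/28` range, the hostnames and the sample message are constructed assumptions, and only RFC 3464-style `multipart/report` bounces are handled.

```python
import ipaddress
import re
from email import message_from_string, policy

# Assumption: our own outbound mail servers (documentation range, not from the thread).
OUR_OUTBOUND = ipaddress.ip_network("192.0.2.0/28")

def embedded_original(msg):
    """Return the original message (or just its headers) carried inside a bounce."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_content(), policy=policy.default)
    return None

def handoff_ip(original):
    """IP in the topmost Received line: the host that gave the mail to the bouncing site."""
    received = original.get_all("Received") or [""]
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[0]))
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def classify(raw):
    """Sort a message into not-a-bounce, genuine, misdirected or unverifiable."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-a-bounce"
    original = embedded_original(msg)
    ip = handoff_ip(original) if original is not None else None
    if ip is None:
        return "unverifiable"  # no usable headers came back, so nothing can be checked
    return "genuine-bounce" if ip in OUR_OUTBOUND else "misdirected-bounce"

def sample_bounce(ip):
    """Constructed, abbreviated DSN whose embedded original was handed over by `ip`."""
    return (
        "From: MAILER-DAEMON@mx.bouncer.example\nTo: user@example.com\n"
        "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "\n--b\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b\nContent-Type: message/rfc822\n\n"
        f"Received: from mail.example.com (unknown [{ip}]) by mx.bouncer.example\n"
        "From: user@example.com\nSubject: constructed sample\n\nbody\n--b--\n"
    )

if __name__ == "__main__":
    print([classify(sample_bounce(ip)) for ip in ("192.0.2.5", "203.0.113.44")])
```

Only the topmost Received line is used because it is the one written by the bouncing site itself; anything below it in a forged message was supplied by the sender.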